POS malware risks millions of payment cards for Michaels, Aaron Brothers shoppers

Share this article:
Report: Data breaches up 62 percent in 2013
An investigation has confirmed that malware on point-of-sale systems is to blame.

Following an investigation with two independent security firms that dates back to January, arts and crafts retailer Michaels Stores confirmed on Thursday that, much like retail giant Target, its U.S. stores had experienced a payment card breach.

The Michaels breach involved malware on point-of-sale systems that neither security firm had encountered before, Michaels CEO Chuck Rubin wrote in a Thursday statement, explaining the malware has been removed and the incident has been fully contained.

About 2.6 million payment cards may have been compromised from Michaels outlets between May 8, 2013 and Jan. 27, Rubin said, adding that about 400,000 payment cards could have been compromised from Aarons Brothers stores, a Michaels subsidiary, between June 26, 2013 and Feb. 27.

Rubin explained that the breach impacted a “varying number” of Michaels stores, as well as 54 Aaron Brothers locations. The crafts retailer posted online which Michaels and Aaron Brothers locations were affected.

“While we have received limited reports of fraud, we are offering identity protection and credit monitoring services to affected Michaels and Aaron Brothers customers in the U.S. for 12 months at no cost to them,” Rubin said. “We also are offering these customers a fraud assistance service for 12 months at no cost to them.”

Rubin announced at the end of January that Michaels was looking into a possible payment card breach, shortly after technology writer Brian Krebs reported that the retailer was investigating an incident. The investigation was spurred due to reports of fraudulent activity on cards used in stores.

Share this article:
You must be a registered member of SC Magazine to post a comment.

Sign up to our newsletters


More in News

Email promises free pizza, ensnares victims in Asprox botnet instead

Email promises free pizza, ensnares victims in Asprox ...

Cloudmark came upon an email that offers free pizza, but clicking on the link to get the coupon ends with victims being ensnared in a botnet.

Report: most orgs lacking in response team, policies to address cyber incidents

In its Q3 threat intelligence report, Solutionary learned that 75 percent of organizations it assisted had no response team or policies and procedures to address cyber incidents.

Flash redirect campaign impacts Carnegie Mellon page, leads to Angler EK

Flash redirect campaign impacts Carnegie Mellon page, leads ...

Malwarebytes found that, since early July, thousands of sites had been targeted in the campaign.